f65c77558bfffdccb23ffbd8b763f226829b7416ebc546e37c8d8678d1b6a686

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
07-03-2023 23:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f65c77558bfffdccb23ffbd8b763f226829b7416ebc546e37c8d8678d1b6a686.exe
Size

790KB
MD5

44e6c07bd08e68525aa12073727a212a
SHA1

b3ff54d7035dbd42801cbb3dda7192bb5123e260
SHA256

f65c77558bfffdccb23ffbd8b763f226829b7416ebc546e37c8d8678d1b6a686
SHA512

72a6c7ff58fac18ce5a47a424eb58b79d776fd8539ca9e0125966c3f004f3899155b14e09e11f67af9b09d6fb379354f1ea8b055366f0c36acf9f8abfb3db36f
SSDEEP

12288:6tvs2ttd1PuZUiMqylDxljISy1G41To6lG4/ehhWXoF:6tvs2ttd1WSiDyxxJTy44Zo6lG4Wh6oF

Score

8^/10

discovery

Malware Config

Signatures

Contacts a large (863) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\b45b775a-37dc-4601-8235-fdc650ace824.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230220202808.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2816	msedge.exe
2816	msedge.exe
1680	msedge.exe
1680	msedge.exe
5428	identity_helper.exe
5428	identity_helper.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2260	f65c77558bfffdccb23ffbd8b763f226829b7416ebc546e37c8d8678d1b6a686.exe
2260	f65c77558bfffdccb23ffbd8b763f226829b7416ebc546e37c8d8678d1b6a686.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 1680	2260	f65c77558bfffdccb23ffbd8b763f226829b7416ebc546e37c8d8678d1b6a686.exe	83
PID 2260 wrote to memory of 1680	2260	f65c77558bfffdccb23ffbd8b763f226829b7416ebc546e37c8d8678d1b6a686.exe	83
PID 1680 wrote to memory of 2872	1680	msedge.exe	84
PID 1680 wrote to memory of 2872	1680	msedge.exe	84
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2052	1680	msedge.exe	87
PID 1680 wrote to memory of 2816	1680	msedge.exe	88
PID 1680 wrote to memory of 2816	1680	msedge.exe	88
PID 1680 wrote to memory of 2164	1680	msedge.exe	91
PID 1680 wrote to memory of 2164	1680	msedge.exe	91
PID 1680 wrote to memory of 2164	1680	msedge.exe	91
PID 1680 wrote to memory of 2164	1680	msedge.exe	91
PID 1680 wrote to memory of 2164	1680	msedge.exe	91
PID 1680 wrote to memory of 2164	1680	msedge.exe	91
PID 1680 wrote to memory of 2164	1680	msedge.exe	91
PID 1680 wrote to memory of 2164	1680	msedge.exe	91
PID 1680 wrote to memory of 2164	1680	msedge.exe	91
PID 1680 wrote to memory of 2164	1680	msedge.exe	91
PID 1680 wrote to memory of 2164	1680	msedge.exe	91
PID 1680 wrote to memory of 2164	1680	msedge.exe	91
PID 1680 wrote to memory of 2164	1680	msedge.exe	91
PID 1680 wrote to memory of 2164	1680	msedge.exe	91
PID 1680 wrote to memory of 2164	1680	msedge.exe	91
PID 1680 wrote to memory of 2164	1680	msedge.exe	91
PID 1680 wrote to memory of 2164	1680	msedge.exe	91
PID 1680 wrote to memory of 2164	1680	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\f65c77558bfffdccb23ffbd8b763f226829b7416ebc546e37c8d8678d1b6a686.exe
"C:\Users\Admin\AppData\Local\Temp\f65c77558bfffdccb23ffbd8b763f226829b7416ebc546e37c8d8678d1b6a686.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.oneptp.com/ax/?uid=507801&ad=14
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0xfc,0x100,0x9c,0x104,0x7ffe073746f8,0x7ffe07374708,0x7ffe07374718
    3⤵
    PID:2872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15172640907132096860,7611507257965209717,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
    3⤵
    PID:2052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,15172640907132096860,7611507257965209717,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,15172640907132096860,7611507257965209717,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
    3⤵
    PID:2164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15172640907132096860,7611507257965209717,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
    3⤵
    PID:4736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15172640907132096860,7611507257965209717,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
    3⤵
    PID:1288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15172640907132096860,7611507257965209717,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
    3⤵
    PID:3900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15172640907132096860,7611507257965209717,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
    3⤵
    PID:2020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15172640907132096860,7611507257965209717,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
    3⤵
    PID:1328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15172640907132096860,7611507257965209717,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
    3⤵
    PID:4864
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15172640907132096860,7611507257965209717,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6264 /prefetch:8
    3⤵
    PID:2232
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff7b1a05460,0x7ff7b1a05470,0x7ff7b1a05480
      4⤵
      PID:4728
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15172640907132096860,7611507257965209717,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6264 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15172640907132096860,7611507257965209717,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1
    3⤵
    PID:5436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15172640907132096860,7611507257965209717,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
    3⤵
    PID:5460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15172640907132096860,7611507257965209717,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
    3⤵
    PID:6108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15172640907132096860,7611507257965209717,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3180 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3752

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
290B

MD5
06994214d2329a2ed7f89ee855062cd9

SHA1
122f1d059206d64baabb858631b2476ee4b1dedd

SHA256
b9dbcdf44f1c72f01ddda56d3a67b18d3fb7433172c3ab1e3f191e8cfd6c57d1

SHA512
518c2781dacd6655350f2dbea4e7e6483dc46b2590d836c23f1833b570476aa50357a4cd0b771a26c96c876912652155692034dec1b9a716b8a04e7df8b4eaac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
d547fd655c12732eb6bc113584bb2c3a

SHA1
177b096f04b39d9359f2f29788610b2352329bf5

SHA256
be2b9b60cc38dc8ee7f990f0601382c7f4b352a9d865fbf125d56761f6d6b961

SHA512
d27c13a7a11fa83af6fb6e64dea23b5b9765049afab41677ffe60564f0e560487d41ba795c79b1dbee34a676a386daa3c35fa5e618271df1a7c28ab6d428f45e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
d2bf70798b257681e34fc300c6ee039e

SHA1
78ffe54588b2c50a048bf2d9de15a2b7d2486809

SHA256
6f4de52d3607d3e89d04c1808b7686885ae9395e8fd778f48ad5d83dee7c38bb

SHA512
b09cc059f0ce88d6b413ebc435011e1a3e6f68f9de9de1fdc93e8b0dcea68670e5d4a6485ace05d3f7091b2f500653a94fc22ac8e2299f7af68e3b6b4b679fa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
2db0439981a8168fa7584f150daf565b

SHA1
28998463f2876bf77c85dc36ca602937ea1df3ec

SHA256
e4b78e6714cbacda1ed05ea7f3ab1321eb6251ffe807e86d3b65cbcd1a7580dd

SHA512
1745a3321f60d7238334a1b9198020a7adbb5fc98515974d393c2e000e6d1943cd4b80e53e0d536be08230863227d63e15e54a5598fdbb692fa9e95ec8a77789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
545B

MD5
e9367c095e04ee449261d072d01d1562

SHA1
ae122df1b34960804eac085071d5035506062fee

SHA256
36df977713639cce62350e1abf998d83bae42d04aaa4e7a0895ff1858c59d00a

SHA512
07861f003cab923a73281a3579d767328ffe95b97e6ea1acaf09d7a74ab4fa0cbb81074486ff3beac078aebdafb9a3e4726bd5fa355d90f0f888d75370282f3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
b594ad7b54f8e95ddb4aa85ba0f92e99

SHA1
422c765ce2ac41ba076aaf02b35daab8990f1493

SHA256
54f2abfaaabda42f94c189e57b5df0d04328d728fe4e9d356ac6ca50b0881a69

SHA512
1a72ca61beb413ece32b649d1bde1ceab4329ade7df1b196ce0b69701853066b63678efa6da14f564e4775cfd80d3d06aaa26327c043fc73500b40e8cc869118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
350d2e1f1a54d8db4b5ac0fda4e39b0e

SHA1
e5052598c7c435468168c4609b86972ee4f7eaf5

SHA256
5e782304ce8a20c58f1041df88022813a20ffa6ed713f2f7799d4ca3a4411edf

SHA512
ad7c14d364ce5ebebc6f566ee6416271df5c31f4e18cf3a79c1d5a4c5b9cf9636206eb6422d7b118d187515725861cf0cce86a4a6e30fa8c0067ee67b1ad7783

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
55c8e38687df4daf610e5a14469e5d1d

SHA1
fdc426dcc56fdd982429bdb3ea801bf1d4051db6

SHA256
200084fef2546120a58f1edaa391ab1891da52cba7f88a92f7e0f0a7731b6c30

SHA512
59031abe265a3c1288335cd69371cf2f7bfb545cefa2eeb7bde6a3750606abc71943ee86a967f1b566e8ef66a2b0609e5432672408ec7aef3597840389efde91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1463bf2a54e759c40d9ad64228bf7bec

SHA1
2286d0ac3cfa9f9ca6c0df60699af7c49008a41f

SHA256
9b4fd2eea856352d8fff054b51ea5d6141a540ca253a2e4dc28839bc92cbf4df

SHA512
33e0c223b45acac2622790dda4b59a98344a89094c41ffdb2531d7f1c0db86a0ea4f1885fea7c696816aa4ceab46de6837cc081cd8e63e3419d9fcb8c5a0eb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
573eb9601e97c91ffb3342c69b78eafc

SHA1
3dd2f9e51589182e957a1e684fd9ce2232320139

SHA256
8c4af186a780d1258684877f56ff783a2ae7bd26c95df95f53147041467b2df1

SHA512
a9100dc3e49c475dbbcd577e3283b81f99329c1e5ccd78e08c202b5eda2e40d1e2710aa386253873300f5abc1fc7a5e6effecefd9380bb4be440f6185e487689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe56e4d7.TMP

Filesize
540B

MD5
30e29cfad5df6395b5b666a545c5c09f

SHA1
d092c74552a42c980f919ed6bcda4344f6d2e13d

SHA256
76c4107567c68bfff428eb2a5010ad60de4659336a2341245898e266ac0800d4

SHA512
5a81f04ee466a3ce6b8fd480b018cbe9d1ebbcc34730273866bdc9d089a7fabc57f23d8e1b83c6efc892c1a566cc9355442fce7faf35dbc0f3b3ec871eea6876

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f70738fd-929b-4814-b0b9-e450608c79c8.tmp

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
67e0de874929af86b5328101882e754c

SHA1
4f1a4b21f0f081cc1987887c4bb591620aa95700

SHA256
5bef0859e98ab0b3579c0cb2e4a593674eb1991d5526779f768ffb6b5576e412

SHA512
767d9c45e3ee522c337229c68e7cd745cd9f37292846a45ee07b279c9948df59e87919f52557caf3498f3e70f956ccb6776f398e35f41a476ed45b1364903e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
cb84cf9761aa1a4b071e15b1c1aa9147

SHA1
8cec274806504972845c67eaee2f4225956426e4

SHA256
2e2f87ca42d51a16d87ff875aecef8f72e66d37e748afe4393ee89d19c2249e7

SHA512
cf81eb25893ef31b9efaab185405eb6dbb0680887f112c90cd388e060e21f9b7da339a58e6e390d76f9e82198cb04438d3b7613decd1d459bd081fa46b3dea6a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
c30132a48137792f7fc69738b36af3eb

SHA1
511a31abf7127b69a80cb8815399b9ae6ad394fc

SHA256
85973a30ad8287c590b5f103946b5a53ad17060651ef968f1e818415bab2358f

SHA512
183acb19d8252ecd09cae90ebd8c0fe9ee8005cdeeabbaa7d3de8c1e29b490ffac3dd947c1705b81c4486be0d52ad798f878ec07a45dcb7de5984cdbaabe7448

Download Submit
memory/2052-159-0x00007FFE24190000-0x00007FFE24191000-memory.dmp

Filesize
4KB

Download